@metamask/keyring-controller 25.3.0

Added

• Expose KeyringController:exportSeedPhrase method through KeyringController messenger (#8587)
• Expose KeyringController:isUnlocked method through KeyringController messenger (#8573)
  • Returns true when the vault is unlocked, false otherwise. Mirrors state.isUnlocked and the isUnlocked() instance method, allowing consumers to check lock status via the messenger without holding a controller reference.
• Add withController action to run atomic operations on multiple keyrings (within a single transaction) (#8416)
  • This action uses a RestrictedController object that exposes addNewKeyring and removeKeyring methods to add and remove keyring during the transaction (atomic) call.
• Expose KeyringController:signTransaction method through KeyringController messenger (#8408)
• Persist vault when keyring state changes during unlock (#8415)
  • If a keyring's serialized state differs after deserialization (e.g. a migration ran, or metadata was missing), the vault is now re-persisted so the change is not lost on the next unlock.
• Added KeyringV2 support (#8390)
  • The controller now maintains a list of KeyringV2 instance in memory alongside previous Keyring instance.
  • This new keyring interface is more generic and will become the new standard to interact with keyring (creating accounts, executing logic that involves accounts like signing, etc...).
  • For now, most KeyringV2 are wrappers (read adapters) around existing Keyring instance.
• Added withKeyringV2Unsafe method and KeyringController:withKeyringV2Unsafe messenger action for lock-free read-only access to KeyringV2 adapters (#8390)
  • Mirrors withKeyringUnsafe semantics: no mutex acquired, no persistence or rollback.
  • Caller is responsible for ensuring the operation is read-only and accesses only immutable keyring data.
• Added withKeyringV2 method and KeyringController:withKeyringV2 messenger action for atomic operations using the KeyringV2 API (#8390)
  • Accepts a KeyringSelectorV2 to select keyrings by type, address, id, or filter.
  • Ships with default V2 builders for HD (HdKeyringV2) and Simple (SimpleKeyringV2) keyrings; additional builders can be registered via the keyringV2Builders constructor option.

Changed

• Bump @metamask/messenger from ^1.0.0 to ^1.2.0 (#8364, #8373, #8632)
• Bump @metamask/base-controller from ^9.0.1 to ^9.1.0 (#8457)
• Bump @metamask/eth-hd-keyring from ^13.1.1 to ^14.0.1 (#8464)
• Bump @metamask/eth-simple-keyring from ^11.1.2 to ^12.0.1 (#8464)
• Bump @metamask/keyring-api from ^21.6.0 to ^23.0.1 (#8464)
• Bump @metamask/keyring-internal-api from ^10.0.0 to ^11.0.0 (#8464, #8584)

@metamask/messenger 1.2.0

Added

• Allow overriding action handler in subclass (#8617)
  • The Messenger class now has a protected getAction method which returns the action handler for a given action name.
• Add subscribeOnce and waitUntil utility methods to Messenger (#8575)

Deprecated

• Deprecate generate-action-types CLI tool and messenger-generate-action-types binary (#8378)
  • The CLI has been extracted to @metamask/messenger-cli. Use messenger-action-types from this package instead.

Fixed

• Throw different error for missing delegated actions (#8557)

@metamask/assets-controller 6.2.1

Changed

• Bump @metamask/transaction-controller from ^64.4.0 to ^65.0.0 (#8613)
• Bump @metamask/assets-controllers from ^104.3.0 to ^105.0.0 (#8622)

@metamask/assets-controllers 105.0.0

Added

• Expose missing public CurrencyRateController methods through its messenger (#8561)
  • The following actions are now available:
    • CurrencyRateController:setCurrentCurrency
    • CurrencyRateController:updateExchangeRate
  • Corresponding action types (e.g. CurrencyRateControllerSetCurrentCurrencyAction) are available as well.

Changed

• BREAKING: Standardize names of CurrencyRateController messenger action types (#8561)
  • The GetCurrencyRateState messenger action has been renamed to CurrencyRateControllerGetStateAction to follow the convention. You will need to update imports appropriately.
  • These changes only affect the types. The action type strings themselves have not changed, so you do not need to update the list of actions you pass when initializing CurrencyRateController messenger.
• MultichainAssetsController: Restore fail-open behavior for Blockaid spam token filter (#8580)
  • Uses blacklist approach: only rejects tokens explicitly marked as malicious by Blockaid
  • When Blockaid bulk token scan API calls fail or return no results, tokens are allowed through
  • This prevents legitimate tokens from being blocked due to API outages, network issues, or missing token data
  • Malicious tokens that slip through are caught by the periodic rescan (runs daily by default)
• Bump @metamask/transaction-controller from ^64.3.0 to ^65.0.0 (#8585, #8613)

Fixed

• Fix selectAssetsBySelectedAccountGroup crashing when an account referenced in the account tree is missing from internal accounts (#8604)

@metamask/bridge-controller 71.0.0

Added

• BREAKING: Add quickBuy and dappSwap FeatureIds for external swap quote consumers (#8598)
• BREAKING: Add market_closed and quote_expired QuoteWarning (#8598)
• Add tokenSecurityTypeDestination: string | null to BridgeControllerState (default null), set via updateBridgeQuoteRequestParams and reset by resetState (#8595)

Changed

• BREAKING: Add required token_security_type_destination: string \| null to RequestParams, RequiredEventContextFromClient[InputSourceDestinationSwitched], and the context arg of updateBridgeQuoteRequestParams; emitted on every analytics event that includes token_address_destination (#8595)
• BREAKING: getRequestParams now takes a second positional argument tokenSecurityTypeDestination: string \| null (#8595)
• Bump @metamask/transaction-controller from ^64.3.0 to ^65.0.0 (#8585, #8613)
• Bump @metamask/assets-controller from ^6.1.0 to ^6.2.1 (#8590, #8622)
• Bump @metamask/assets-controllers from ^104.3.0 to ^105.0.0 (#8622)

@metamask/bridge-status-controller 71.1.0

Added

• Add optional tokenSecurityTypeDestination?: string \| null to BridgeHistoryItem, StartPollingForBridgeTxStatusArgs[Serialized], and the submitTx / submitIntent arguments; when provided, it's persisted on the history item and emitted as token_security_type_destination on post-submit analytics events (#8595)

Changed

• Bump @metamask/transaction-controller from ^64.3.0 to ^65.0.0 (#8585, #8613)
• Bump @metamask/bridge-controller from ^70.2.0 to ^71.0.0 (#8622)

@metamask/transaction-pay-controller 20.0.1

Changed

• Bump @metamask/assets-controller from ^6.2.0 to ^6.2.1 (#8622)
• Bump @metamask/assets-controllers from ^104.3.0 to ^105.0.0 (#8622)
• Bump @metamask/bridge-controller from ^70.2.0 to ^71.0.0 (#8622)
• Bump @metamask/bridge-status-controller from ^71.0.0 to ^71.1.0 (#8622)

@metamask/chomp-api-service 2.0.0

Changed

• BREAKING: Change AssociateAddressParams.timestamp type from string to number. (#8610)

@metamask/money-account-upgrade-controller 1.2.0

Changed

• Bump @metamask/chomp-api-service from ^1.0.0 to ^2.0.0 (#8618)

Fixed

• Send the CHOMP authentication timestamp as a number instead of a string in the associate-address step. (#8610)

@metamask/transaction-controller 65.0.0

Added

• Expose TransactionController:wipeTransactions method through TransactionController messenger (#8592)

Changed

• estimateGasBatch now skips the EIP-7702 path when the account's keyring does not support it, falling back to per-transaction gas estimation (#8388)
• doesAccountSupportEIP7702 now returns false instead of true when the account is not found in any keyring (#8388)
• BREAKING: Add KeyringControllerGetStateAction to AllowedActions to enable keyring-based EIP-7702 account compatibility checks in addTransactionBatch (#8388)
  • addTransactionBatch now automatically checks whether the account's keyring supports EIP-7702 before attempting the 7702 batch path, falling back to STX/sequential when unsupported
  • Clients must add KeyringController:getState to the TransactionController messenger's allowed actions

Fixed

• Fix batch transaction signing so each transaction is signed sequentially, preventing remaining hardware wallet prompts from appearing after a rejection (#8388)

@metamask/transaction-pay-controller 20.0.0

Changed

• Rename executeEnabled feature flag to gaslessEnabled (#8607)
• Bump @metamask/transaction-controller from ^64.3.0 to ^65.0.0 (#8585, #8613)
• Bump @metamask/assets-controller from ^6.1.0 to ^6.2.0 (#8590)

Fixed

• Fall back from Across to later pay strategies when Across quotes would require a first-time EIP-7702 authorization list (#8577)
• BREAKING: Fix mUSD conversion for hardware wallets on EIP-7702 chains by gating relay and Across 7702 paths on the account keyring type via KeyringController:getState (#8388)
  • The TransactionPayControllerMessenger now requires KeyringController:getState permission.

@metamask/eth-json-rpc-middleware 23.1.3

Fixed

• Allow Advanced Permissions metadata in signTypedData V4 requests (#8603)

@metamask/money-account-upgrade-controller 1.1.0

Added

• Add EIP-7702 authorization step to the upgrade sequence. (#8565)

@metamask/social-controllers 2.2.0

Added

• Add SocialService.fetchPositionById method exposing GET /v1/traders/position/:positionId, returning a single Position by ID (#8602)

@metamask/passkey-controller 1.0.0

Added

• Initial @metamask/passkey-controller (#8422): PasskeyController for WebAuthn passkey vault key protection (HKDF-derived keys, AES-256-GCM wrap/unwrap), PRF or userHandle derivation, challenge-keyed CeremonyManager, enrollment/unlock/renewal flows, verifyPasskeyAuthentication, selectors, and exported ceremony timing constants.
• PasskeyControllerError with stable code, optional cause / context, toJSON, and toString; PasskeyControllerErrorCode, PasskeyControllerErrorMessage, and controllerName. Replaces PasskeyAuthenticationRejectedError—use PasskeyControllerError and code for auth failures.
• BREAKING: Operational error messages are prefixed with PasskeyController - ; prefer code or instanceof PasskeyControllerError over matching raw strings.
• renewVaultKeyProtection uses the same vault_key_decryption_failed code as retrieveVaultKeyWithPasskey when AES-GCM decrypt fails.
• Thrown failures from verifyRegistrationResponse / verifyAuthenticationResponse are wrapped in PasskeyControllerError with registration_verification_failed / authentication_verification_failed and the underlying error as cause (aligned with the verified: false path).
• Debug logging (via @metamask/utils) for registration/authentication verification failures, missing ceremony state, vault decrypt failures, and vault key mismatch during renewal.

Fixed

• Registration verification requires the credential id/rawId to match the credential id in authenticator data; vault wrapping key derivation uses that verified credential id so enrollment keys align with the stored credential.
• Registration options request attestation conveyance 'none' so clients are not asked for direct attestation formats the verifier does not implement (none and self-attested packed only).

@metamask/assets-controller 6.2.0

Added

• Add CustomAssetGraduationMiddleware that removes an EVM asset from customAssets[selectedAccount] when AccountsApiDataSource or BackendWebsocketDataSource reports a balance for it (#8582)
  • Non-EVM custom assets (Solana, BTC, Tron) are not affected.
  • RpcDataSource continues to be the sole balance fetcher for assets still in customAssets.
• Add RpcFallbackMiddleware to the fast pipeline so chains that error in response.errors (network error, unprocessedNetworks, timeout) fall back to RpcDataSource (#8582)
  • Successful RPC results are merged into the response and recovered chains are cleared from response.errors.
• Add a configurable fetchTimeoutMs option (default 15000) to AccountsApiDataSource, PriceDataSource, and TokenDataSource (#8582)
  • On timeout, AccountsAPI marks every requested chain as errored so RpcFallbackMiddleware picks them up; price and token enrichment degrade gracefully.
• Add fetchWithTimeout utility that races an async task against a timeout (#8582)

Changed

• Bump @metamask/transaction-controller from ^64.3.0 to ^64.4.0 (#8585)

Fixed

• Handle trace callback returning undefined without throwing (#8586)